coder
diff --git a/‎.golangci.yaml
Lines changed: 8 additions & 4 deletions b/‎.golangci.yaml
Lines changed: 8 additions & 4 deletions
diff --git a/‎agent/agent.go
Lines changed: 12 additions & 1 deletion b/‎agent/agent.go
Lines changed: 12 additions & 1 deletion
diff --git a/‎agent/agent_test.go
Lines changed: 10 additions & 0 deletions b/‎agent/agent_test.go
Lines changed: 10 additions & 0 deletions
diff --git a/‎agent/apphealth.go
Lines changed: 4 additions & 1 deletion b/‎agent/apphealth.go
Lines changed: 4 additions & 1 deletion
diff --git a/‎cli/server.go
Lines changed: 16 additions & 4 deletions b/‎cli/server.go
Lines changed: 16 additions & 4 deletions
diff --git a/‎coderd/audit/diff.go
Lines changed: 2 additions & 1 deletion b/‎coderd/audit/diff.go
Lines changed: 2 additions & 1 deletion
diff --git a/‎coderd/audit/request.go
Lines changed: 6 additions & 0 deletions b/‎coderd/audit/request.go
Lines changed: 6 additions & 0 deletions
diff --git a/‎coderd/coderd.go
Lines changed: 14 additions & 5 deletions b/‎coderd/coderd.go
Lines changed: 14 additions & 5 deletions
diff --git a/‎coderd/coderdtest/authorize.go
Lines changed: 2 additions & 1 deletion b/‎coderd/coderdtest/authorize.go
Lines changed: 2 additions & 1 deletion
@@ -235,10 +235,15 @@ linters:
     - noctx
     - paralleltest
     - revive
-    - rowserrcheck
-    - sqlclosecheck
+
+    # These don't work until the following issue is solved.
+    # https://github.com/golangci/golangci-lint/issues/2649
+    # - rowserrcheck
+    # - sqlclosecheck
+    # - structcheck
+    # - wastedassign
+
     - staticcheck
-    - structcheck
     - tenv
     # In Go, it's possible for a package to test it's internal functionality
     # without testing any exported functions. This is enabled to promote
@@ -253,4 +258,3 @@ linters:
     - unconvert
     - unused
     - varcheck
-    - wastedassign
 
@@ -448,7 +448,18 @@ func (a *agent) init(ctx context.Context) {
 			"sftp": func(session ssh.Session) {
 				session.DisablePTYEmulation()
 
-				server, err := sftp.NewServer(session)
+				var opts []sftp.ServerOption
+				// Change current working directory to the users home
+				// directory so that SFTP connections land there.
+				// https://github.com/coder/coder/issues/3620
+				u, err := user.Current()
+				if err != nil {
+					a.logger.Warn(ctx, "get sftp working directory failed, unable to get current user", slog.Error(err))
+				} else {
+					opts = append(opts, sftp.WithServerWorkingDirectory(u.HomeDir))
+				}
+
+				server, err := sftp.NewServer(session, opts...)
 				if err != nil {
 					a.logger.Debug(session.Context(), "initialize sftp server", slog.Error(err))
 					return
 
@@ -10,6 +10,7 @@ import (
 	"net/netip"
 	"os"
 	"os/exec"
+	"os/user"
 	"path/filepath"
 	"runtime"
 	"strconv"
@@ -212,12 +213,21 @@ func TestAgent(t *testing.T) {
 
 	t.Run("SFTP", func(t *testing.T) {
 		t.Parallel()
+		u, err := user.Current()
+		require.NoError(t, err, "get current user")
+		home := u.HomeDir
+		if runtime.GOOS == "windows" {
+			home = "/" + strings.ReplaceAll(home, "\\", "/")
+		}
 		conn, _ := setupAgent(t, codersdk.WorkspaceAgentMetadata{}, 0)
 		sshClient, err := conn.SSHClient()
 		require.NoError(t, err)
 		defer sshClient.Close()
 		client, err := sftp.NewClient(sshClient)
 		require.NoError(t, err)
+		wd, err := client.Getwd()
+		require.NoError(t, err, "get working directory")
+		require.Equal(t, home, wd, "working directory should be home user home")
 		tempFile := filepath.Join(t.TempDir(), "sftp")
 		file, err := client.Create(tempFile)
 		require.NoError(t, err)
 
@@ -60,8 +60,10 @@ func NewWorkspaceAppHealthReporter(logger slog.Logger, workspaceAgentApps Worksp
 				continue
 			}
 			app := nextApp
-			t := time.NewTicker(time.Duration(app.Healthcheck.Interval) * time.Second)
 			go func() {
+				t := time.NewTicker(time.Duration(app.Healthcheck.Interval) * time.Second)
+				defer t.Stop()
+
 				for {
 					select {
 					case <-ctx.Done():
@@ -118,6 +120,7 @@ func NewWorkspaceAppHealthReporter(logger slog.Logger, workspaceAgentApps Worksp
 		lastHealth := copyHealth(health)
 		mu.Unlock()
 		reportTicker := time.NewTicker(time.Second)
+		defer reportTicker.Stop()
 		// every second we check if the health values of the apps have changed
 		// and if there is a change we will report the new values.
 		for {
 
@@ -208,15 +208,25 @@ func Server(dflags *codersdk.DeploymentFlags, newAPI func(context.Context, *code
 			)
 			defer closeTunnel()
 
-			// If the access URL is empty, we attempt to run a reverse-proxy tunnel
-			// to make the initial setup really simple.
+			// If the access URL is empty, we attempt to run a reverse-proxy
+			// tunnel to make the initial setup really simple.
 			if dflags.AccessURL.Value == "" {
 				cmd.Printf("Opening tunnel so workspaces can connect to your deployment. For production scenarios, specify an external access URL\n")
 				tunnel, tunnelErr, err = devtunnel.New(ctxTunnel, logger.Named("devtunnel"))
 				if err != nil {
 					return xerrors.Errorf("create tunnel: %w", err)
 				}
 				dflags.AccessURL.Value = tunnel.URL
+
+				if dflags.WildcardAccessURL.Value == "" {
+					u, err := parseURL(ctx, tunnel.URL)
+					if err != nil {
+						return xerrors.Errorf("parse tunnel url: %w", err)
+					}
+
+					// Suffixed wildcard access URL.
+					dflags.WildcardAccessURL.Value = fmt.Sprintf("*--%s", u.Hostname())
+				}
 			}
 
 			accessURLParsed, err := parseURL(ctx, dflags.AccessURL.Value)
@@ -752,7 +762,7 @@ func Server(dflags *codersdk.DeploymentFlags, newAPI func(context.Context, *code
 
 // parseURL parses a string into a URL. It works around some technically correct
 // but undesired behavior of url.Parse by prepending a scheme if one does not
-// exist so that the URL does not get parsed improprely.
+// exist so that the URL does not get parsed improperly.
 func parseURL(ctx context.Context, u string) (*url.URL, error) {
 	var (
 		hasScheme = strings.HasPrefix(u, "http:") || strings.HasPrefix(u, "https:")
@@ -1108,7 +1118,9 @@ func serveHandler(ctx context.Context, logger slog.Logger, handler http.Handler,
 		}
 	}()
 
-	return func() { _ = srv.Close() }
+	return func() {
+		_ = srv.Close()
+	}
 }
 
 // embeddedPostgresURL returns the URL for the embedded PostgreSQL deployment.
 
@@ -16,7 +16,8 @@ type Auditable interface {
 		database.User |
 		database.Workspace |
 		database.WorkspaceBuild |
-		database.GitSSHKey
+		database.GitSSHKey |
+		database.Group
 }
 
 // Map is a map of changed fields in an audited resource. It maps field names to
 
@@ -49,6 +49,8 @@ func ResourceTarget[T Auditable](tgt T) string {
 		return string(typed.BuildNumber)
 	case database.GitSSHKey:
 		return typed.PublicKey
+	case database.Group:
+		return typed.Name
 	default:
 		panic(fmt.Sprintf("unknown resource %T", tgt))
 	}
@@ -70,6 +72,8 @@ func ResourceID[T Auditable](tgt T) uuid.UUID {
 		return typed.ID
 	case database.GitSSHKey:
 		return typed.UserID
+	case database.Group:
+		return typed.ID
 	default:
 		panic(fmt.Sprintf("unknown resource %T", tgt))
 	}
@@ -91,6 +95,8 @@ func ResourceType[T Auditable](tgt T) database.ResourceType {
 		return database.ResourceTypeWorkspaceBuild
 	case database.GitSSHKey:
 		return database.ResourceTypeGitSshKey
+	case database.Group:
+		return database.ResourceTypeGroup
 	default:
 		panic(fmt.Sprintf("unknown resource %T", tgt))
 	}
 
@@ -204,7 +204,7 @@ func New(options *Options) *API {
 		// app URL. If it is, it will serve that application.
 		api.handleSubdomainApplications(
 			// Middleware to impose on the served application.
-			httpmw.RateLimitPerMinute(options.APIRateLimit),
+			httpmw.RateLimit(options.APIRateLimit, time.Minute),
 			httpmw.ExtractAPIKey(httpmw.ExtractAPIKeyConfig{
 				DB:            options.Database,
 				OAuth2Configs: oauthConfigs,
@@ -229,7 +229,7 @@ func New(options *Options) *API {
 	apps := func(r chi.Router) {
 		r.Use(
 			tracing.Middleware(api.TracerProvider),
-			httpmw.RateLimitPerMinute(options.APIRateLimit),
+			httpmw.RateLimit(options.APIRateLimit, time.Minute),
 			httpmw.ExtractAPIKey(httpmw.ExtractAPIKeyConfig{
 				DB:            options.Database,
 				OAuth2Configs: oauthConfigs,
@@ -267,7 +267,7 @@ func New(options *Options) *API {
 		r.Use(
 			tracing.Middleware(api.TracerProvider),
 			// Specific routes can specify smaller limits.
-			httpmw.RateLimitPerMinute(options.APIRateLimit),
+			httpmw.RateLimit(options.APIRateLimit, time.Minute),
 		)
 		r.Get("/", func(w http.ResponseWriter, r *http.Request) {
 			httpapi.Write(r.Context(), w, http.StatusOK, codersdk.Response{
@@ -304,7 +304,7 @@ func New(options *Options) *API {
 				apiKeyMiddleware,
 				// This number is arbitrary, but reading/writing
 				// file content is expensive so it should be small.
-				httpmw.RateLimitPerMinute(12),
+				httpmw.RateLimit(12, time.Minute),
 			)
 			r.Get("/{fileID}", api.fileByID)
 			r.Post("/", api.postFile)
@@ -391,7 +391,15 @@ func New(options *Options) *API {
 		r.Route("/users", func(r chi.Router) {
 			r.Get("/first", api.firstUser)
 			r.Post("/first", api.postFirstUser)
-			r.Post("/login", api.postLogin)
+			r.Group(func(r chi.Router) {
+				// We use a tight limit for password login to protect
+				// against audit-log write DoS, pbkdf2 DoS, and simple
+				// brute-force attacks.
+				//
+				// Making this too small can break tests.
+				r.Use(httpmw.RateLimit(60, time.Minute))
+				r.Post("/login", api.postLogin)
+			})
 			r.Get("/authmethods", api.userAuthMethods)
 			r.Route("/oauth2", func(r chi.Router) {
 				r.Route("/github", func(r chi.Router) {
@@ -495,6 +503,7 @@ func New(options *Options) *API {
 				apiKeyMiddleware,
 			)
 			r.Get("/", api.workspaces)
+			r.Get("/count", api.workspaceCount)
 			r.Route("/{workspace}", func(r chi.Router) {
 				r.Use(
 					httpmw.ExtractWorkspaceParam(options.Database),
 
@@ -243,7 +243,8 @@ func AGPLRoutes(a *AuthTester) (map[string]string, map[string]RouteCheck) {
 		"POST:/api/v2/organizations/{organization}/templateversions":    {StatusCode: http.StatusBadRequest, NoAuthorize: true},
 
 		// Endpoints that use the SQLQuery filter.
-		"GET:/api/v2/workspaces/": {StatusCode: http.StatusOK, NoAuthorize: true},
+		"GET:/api/v2/workspaces/":      {StatusCode: http.StatusOK, NoAuthorize: true},
+		"GET:/api/v2/workspaces/count": {StatusCode: http.StatusOK, NoAuthorize: true},
 	}
 
 	// Routes like proxy routes support all HTTP methods. A helper func to expand
Original file line number	Diff line number	Diff line change
`@@ -16,7 +16,8 @@ type Auditable interface {`
`16`	`16`	`database.User \|`
`17`	`17`	`database.Workspace \|`
`18`	`18`	`database.WorkspaceBuild \|`
`19`		`- database.GitSSHKey`
	`19`	`+ database.GitSSHKey \|`
	`20`	`+ database.Group`
`20`	`21`	`}`
`21`	`22`
`22`	`23`	`// Map is a map of changed fields in an audited resource. It maps field names to`
Original file line number	Diff line number	Diff line change
`@@ -243,7 +243,8 @@ func AGPLRoutes(a *AuthTester) (map[string]string, map[string]RouteCheck) {`
`243`	`243`	`"POST:/api/v2/organizations/{organization}/templateversions": {StatusCode: http.StatusBadRequest, NoAuthorize: true},`
`244`	`244`
`245`	`245`	`// Endpoints that use the SQLQuery filter.`
`246`		`- "GET:/api/v2/workspaces/": {StatusCode: http.StatusOK, NoAuthorize: true},`
	`246`	`+ "GET:/api/v2/workspaces/": {StatusCode: http.StatusOK, NoAuthorize: true},`
	`247`	`+ "GET:/api/v2/workspaces/count": {StatusCode: http.StatusOK, NoAuthorize: true},`
`247`	`248`	`}`
`248`	`249`
`249`	`250`	`// Routes like proxy routes support all HTTP methods. A helper func to expand`